On Tuesday, we began our webinar recap by looking at Form PF requirements and recommendations and other essentials for maintaining an effective compliance program. The second half of our webinar focused on technology compliance, specifically around message archiving, email security and mobile device management. Let’s take a closer look at some of the content that was covered. If video is more your style, you can watch a replay of the webinar here.

Record Retention & Message Archiving

In order to meet the requirements of the SEC, firms must retain and archive more than just email. Instant messages, Bloomberg and Thomson Reuters messages and other electronic communications are also considered required archival material.

Messages typically need to be archived for 5 to 7 years.

The regulation is very specific in stating that archived data cannot be modified, for obvious reasons. Common practice is to store your archived data in a WORM (Write Once, Read Many) format.

One important aspect of the regulation stipulates that investment firms must be able to ‘promptly’ respond to an SEC request for information. This means firms must have the ability to efficiently search and index their data to access records in a timely manner.

Email Security

Email security is an often overlooked area of important for hedge funds and investment firms, particularly as most assume that standard security practices are in place with any given solution. And while that may be the case oftentimes, it should not be assumed. Four key features to look for in an email security solution are:

Outbound Email Encryption: This encryption ensures that every outbound email message that contains sensitive or confidential information is encrypted. The technology behind this service scans messages for pre-defined filters or compliance rules and will encrypt the appropriate messages before delivering to the recipient.

Spam Filtering & Anti-virus Protection: Inbound email messages are inspected for unwanted junk email and viruses. These solutions are often referred to as inbound email protection solutions and are typically standard deployments across an organization.

Data Loss Prevention: The goal of DLP is to interrogate outgoing email for confidential information that should not leave the company’s network. Some DLP solutions may leverage similar logic to that of outbound encryption solutions, however the goal is different. Rather than encrypting data to be sent, DLP solutions actually prevent outgoing messages from being sent if they are shown to contain sensitive material.

Mobile Device Management

In addition to protecting and archiving your hedge fund's emails and other electronic messages, you should also take a look at solutions for mobile device management to protect your data. As enterprise data moves to smartphones and tablets and companies continue to support BYOD practices, extra care must be taken to ensure sensitive company information is protected while on mobile devices.

Look for a mobile device management solution with the following:

Support of various devices, including Apple, Android and BlackBerry;

Ability to restrict and monitor application downloads;

Content management, including encryption and password protection for company-sensitive materials; and

Analysis of user activity including behavioral patterns.

Here are a few more resources on technology compliance to keep you up-to-speed: